May 20

Just a quick post on how to use a substitution string in the LDAP DN string field within an authentication scheme. I’m in the process of building a small application for a university. From an authentication/directory point of view, the university separates its Staff and Students into two completely different trees within OID. So we’re faced with either writing a custom PL/SQL authentication procedure to traverse the two trees to locate the user, or simply adding a radio button on the login page which lets the user choose which group they belong to. We then use this radio selection to build our DN string, reusing the existing LDAP support in the built-in APEX authentication scheme.

If you look at the example below you may initially think that the title of the post is a bit misguided as there is no substitution string defined in the LDAP DN string.

Unfortunately, APEX doesn’t substitute page items in the DN string, so we have to do a little workaround. Luckily, though, APEX does allow you to edit the LDAP username entered, using a function call, before performing the LDAP bind. It’s within this function that we set the full DN string.

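CREATE OR REPLACE FUNCTION get_full_ldap_dn_string
( p_username IN VARCHAR2
) RETURN VARCHAR2 AS
BEGIN
  -- Append the OU chosen on the login page (P101_DN_OU) to the username entered,
  -- so the result is the full DN used for the LDAP bind.
  RETURN p_username||',ou='||v('P101_DN_OU')||',o=england';
END get_full_ldap_dn_string;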
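
Because both the username and the P101_DN_OU item come from the login page and are concatenated straight into the DN, a stricter variant of the function can check them first. This is an added example, not code from the original post; the function name, the radio values 'staff' and 'students', the username pattern and the error numbers are assumptions.

```sql
CREATE OR REPLACE FUNCTION get_full_ldap_dn_string_checked
( p_username IN VARCHAR2
) RETURN VARCHAR2 AS
  -- Radio button value from session state, normalised once.
  l_ou VARCHAR2(32767) := LOWER(TRIM(v('P101_DN_OU')));
BEGIN
  -- Allow-list the OU. 'staff' and 'students' are assumed radio values;
  -- anything else (including NULL) is rejected instead of reaching the DN.
  IF l_ou IS NULL OR l_ou NOT IN ('staff', 'students') THEN
    raise_application_error(-20001, 'Unknown user group.');
  END IF;

  -- Accept only characters that have no special meaning inside a DN
  -- (no comma, equals, plus, quote, backslash, angle bracket, semicolon, hash).
  -- The pattern is an assumption; adjust it to the directory's naming rules.
  IF p_username IS NULL
     OR NOT REGEXP_LIKE(p_username, '^[A-Za-z0-9._-]{1,64}$') THEN
    raise_application_error(-20002, 'Invalid username.');
  END IF;

  -- Same DN layout as the function above, built from validated parts only.
  RETURN p_username||',ou='||l_ou||',o=england';
END get_full_ldap_dn_string_checked;
/
```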

Once again APEX provides the flexibility to work around a problem. That said, I just wish substitution replacement calls were used more widely within a lot of the IDE settings for greater development flexibility, thus eliminating the need for them… the workarounds, that is.
